5 Safety and Regulatory Audience This guide is for the networking professional managing the standalone PG28CB switch series. It is recommended that only professionals with experience working with Intelligent Technology INC. networking devices who are familiar with the Ethernet and local area networking terminology, should service the equipment. Conventions The following conventions are used in this manual to convey instructions and information: Command descriptions use these conventions: Commands and keywords are in boldface text. Arguments for which you supply values are in italic. Square brackets ([ ]) mean optional elements. Braces ({ }) group required choices, and vertical bars ( ) separate the alternative elements. Braces and vertical bars within square brackets ([{ }]) mean a required choice within an optional element. Interactive examples use these conventions: Nonprinting characters, such as passwords or tabs, are in angle brackets (< >). Notes and cautions use the following conventions and symbols: Note Means additional information. Notes contain additional useful information or references to material available outside of this document. Caution Indicates that the reader must be careful. In a situation where a Caution is listed, a user may cause equipment damage or loss of data.

6 I Introduction Thank you for choosing a Edimax WEB Smart Ethernet Switch. This device is designed to be operational right out-of-the-box as a standard bridge. In the default configuration, it will forward packets between connecting devices after powered up. Before you begin installing the switch, make sure you have all of the package contents available, and a PC with a web browser for using web-based system management tools. I-1 Overview The Edimax GS-5424G is 24-Port Gigabit Smart Managed Switch with 4 SFP Ports. I-2 Package Content Before using the product, check that the items listed below are included and in good condition. If any item does not accord with the table, please contact your dealer immediately GS-5424G Switch 2. Quick Installation Guide 3. CD Power Cord 5. Rack-Mount Kit & Screws 1

9 II Installation This chapter describes how to install and connect your Edimax Switch. Read the following topics and perform the procedures in the correct order. Incorrect installation may cause damage to the product. II-1 Mounting the Switch There are two ways to physically set up the switch. Place the switch on a flat surface. Mount the switch in a standard rack (1 rack unit high). II-1-1 Placement Tips Ambient Temperature To prevent the switch from overheating, do not operate it in an area that exceeds an ambient temperature of 122 F (50 C). Air Flow Be sure that there is adequate air flow around the switch. Mechanical Loading Be sure that the switch is level and stable to avoid any hazardous conditions. Circuit Overloading Adding the switch to the power outlet must not overload that circuit. Follow these guidelines to install the switch securely. Put the switch in a stable place such as a desktop, to avoid it falling. Ensure the switch works in the proper AC input range and matches the voltage labeled. Ensure there is proper heat dissipation from and adequate ventilation around the switch. Ensure the switch s location can support the weight of the switch and its accessories. 4

10 II-1-2 Desktop Mounting Please install the four rubber feet (included) on the bottom of the switch and place the switch at the desired location. Figure 4 - Desktop Installation II-1-3 Rack Mounting You can mount the switch in any standard size, 19-inch (about 48 cm) wide rack. The switch requires 1 rack unit (RU) of space, which is 1.75 inches (44.45 mm) high. For stability, load the rack from the bottom to the top, with the heaviest devices on the bottom. A top-heavy rack is likely to be unstable and may tip over. When mounting smaller switch products into a standard 19-inch rack, a pair of extension brackets (sometimes referred to as ears) are needed to adapt the switch to the rack size. These extension brackets are mounted on the switch using the screws provided in the kit, and have two holes that are used to then screw the switch into the rack. An example of one type of these extension brackets is shown in the following figure. A common problem that occurs during rack mounting is the distance between the screw holes on the rack. Some racks are made with a uniform distance between all of the holes, and others have the holes organized into groups (see photo on the next page for an example). When organized into groups, the switch must be placed in the rack so that the holes in the extension brackets line up correctly. 5

11 1. Align the mounting brackets with the mounting holes on the switch s side panels and secure the brackets with the screws provided. Figure 5 - Bracket Installation 2. Secure the switch on the equipment rack with the screws provided. Figure 6 - Rack Installation 6

12 III Getting Started This section provides an introduction to the web-based configuration utility, and covers the following topics: Powering on the device Connecting to the network Starting the web-based configuration utility III-1 Connecting to Power Power down and disconnect the power cord before servicing or wiring a switch. Do not disconnect modules or cabling unless the power is first switched off. The device only supports the voltage outlined in the type plate. Do not use any other power components except those specifically designated for the switch. Disconnect the power cord before installation or cable wiring. The switch is powered by the AC V 50/60Hz internal high-performance power supply. It is recommended to connect the switch with a single-phase three-wire power source with a neutral outlet, or a multifunctional computer professional source. Connect the AC power connector on the back panel of the switch to the external power source with the included power cord, and check the power LED is on. Figure 7 - Rear View AC Power Socket 7

13 III-2 Connecting to Network To connect the switch to the network: 1. Connect an Ethernet cable to the Ethernet port of a computer 2. Connect the other end of the Ethernet cable to one of the numbered Ethernet ports of the switch. The LED of the port lights if the device connected is active. 3. Repeat Step 1 and Step 2 for each device to connect to the switch. We strongly recommend using CAT-5E or better cable to connect network devices. When connecting network devices, do not exceed the maximum cabling distance of 100 meters (328 feet). It can take up to one minute for attached devices or the LAN to be operational after it is connected. This is normal behavior. Connect the switch to end nodes using a standard Cat 5/5e Ethernet cable (UTP/STP) to connect the switch to end nodes as shown in the illustration below. Switch ports will automatically adjust to the characteristics (MDI/MDI-X, speed, duplex) of the device to which the switch is connected. Figure 8 - PC Connect 8

14 III-3 Starting the Web-based Configuration Utility This section describes how to navigate the web-based switch configuration utility. Be sure to disable any pop-up blocker. Browser Restrictions If you are using older versions of Internet Explorer, you cannot directly use an IPv6 address to access the device. You can, however, use the DNS (Domain Name System) server to create a domain name that contains the IPv6 address, and then use that domain name in the address bar in place of the IPv6 address. If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of the IPv6 link local address to access the device from your browser. Launching the Configuration Utility To open the web-based configuration utility: 1. Open a Web browser. 2. Enter the IP address of the device you are configuring in the address bar on the browser (factory default IP address is ) and then press Enter. When the device is using the factory default IP address, its power LED flashes continuously. When the device is using a DHCP assigned IP address or an administrator-configured static IP address, the power LED is lit a solid color. Your computer s IP address must be in the same subnet as the switch. For example, if the switch is using the factory default IP address, your computer s IP address can be in the following range: x (whereas x is a number from 2 to 254). After a successful connection, the login window displays. Figure 9 - Login Window 9

15 III-3-1 Logging In The default username is admin and the default password is The first time that you log in with the default username and password, you are required to enter a new password. To log in to the device configuration utility: 1. Enter the default user ID (admin) and the default password (1234). 2. If this is the first time that you logged on with the default user ID (admin) and the default password (1234) it is recommended that you change your password immediately. See IV-13 Management on page 171 for additional information. When the login attempt is successful, the System Information window displays. Figure 10 - System Information If you entered an incorrect username or password, an error message appears and the Login page remains displayed on the window. If you are having problems logging in, 10

16 please see the Launching the Configuration Utility section in the Administration Guide for additional information. III-3-2 Logging Out By default, the application logs out after ten minutes of inactivity. To manually logout, click Logout in the top right corner of any page. When a timeout occurs or you intentionally log out of the system, a message appears and the Login page appears, with a message indicating the logged-out state. After you log in, the application returns to the initial page. 11

18 IV-1 Status Use the Status pages to view system information and status. IV-1-1 System Information This page shows switch panel, CPU utilization, Memory utilization and other system current information. It also allows user to edit some system information. To display the Device Information web page, click Status > System Information. Figure 12 - Status > System Information Model System Name System Location System Contact Model name of the switch. System name of the switch. This name will also use as CLI prefix of each line. ( Switch> or Switch# ). Location information of the switch. Contact information of the switch. 13

19 MAC Address IPv4 Address System OID System Uptime Current Time Loader Version Loader Date Firmware Version Firmware Date Telnet SSH HTTP HTTPS SNMP Base MAC address of the switch. Current system IPv4 address. SNMP system object ID. Total elapsed time from booting. Current system time. Boot loader image version. Boot loader image build date. Current running firmware image version. Current running firmware image build date. Current Telnet service enable/disable state. Current SSH service enable/disable state. Current HTTP service enable/disable state. Current HTTPS service enable/disable state. Current SNMP service enable/disable state. Click Edit button on the table title to edit following system information. Figure 13 - Status > System Information > Edit System Information System Name System Location System Contact System name of the switch. This name will also use as CLI prefix of each line. ( Switch> or Switch# ). Location information of the switch. Contact information of the switch. 14

20 IV-1-2 Logging Message To view the logging messages stored on the RAM and Flash, click Status > Logging Message. Figure 14 - Status > Logging Message Log ID Time Severity Viewing Clear Refresh The log identifier. The time stamp for the logging message. The severity for the logging message. The description of logging message. RAM: Show the logging messages stored on the RAM. Flash: Show the logging messages stored on the Flash. Clear the logging messages. Refresh the logging messages. 15

21 IV-1-3 IV Port Statistics This page displays standard counters on network traffic form the Interfaces, Ethernet -like and RMONMIB. Interfaces and Ethernet-like counters display errors on the traffic passing through each port. RMON counters provide a total count of different frame types and sizes passing through each port. The Clear button will clear MIB counter of current selected port. To display the Port Flow Chart web page, click Status > Port > Statistics. 16

28 IV-2 Network Use the Network pages to configure settings for the switch network interface and how the switch connects to a remote server to get services. IV-2-1 IP Address This section allows you to edit the IP address, Netmask, Gateway and DNS server of the switch. To view the IP Address menu, navigate to Network > IP Address. 23

31 IV-2-2 System Time This page allows user to set time source, static time, time zone and daylight saving settings. Time zone and daylight saving takes effect both static time or time from SNTP server. To display System Time page, click Network > System Time. Figure 21 - Network > System Time 26

32 Source Time Zone SNTP Address Type Server Address Server Port Manual Time Date Time Daylight Saving Time Type Offset Recurring From Recurring To Non-recurring From Non-recurring To Non-recurring From Non recurring To Select the time source. SNTP: Time sync from NTP server. From Computer: Time set from browser host. Manual Time: Time set by manually configure. Select a time zone difference from listing district. Select the address type of NTP server. This is enabled when time source is SNTP. Input IPv4 address or hostname for NTP server. This is enabled when time source is SNTP. Input NTP port for NTP server. Default is 123. This is enabled when time source is SNTP. Input manual date. This is enabled when time source is manual. Input manual time. This is enabled when time source is manual. Select the mode of daylight saving time. Disable: Disable daylight saving time. Recurring: Using recurring mode of daylight saving time. Non-Recurring: Using non-recurring mode of daylight saving time. USA: Using daylight saving time in the United States that starts on the second Sunday of March and ends on the first Sunday of November. European: Using daylight saving time in the Europe that starts on the last Sunday in March and ending on the last Sunday in October. Specify the adjust offset of daylight saving time. Specify the starting time of recurring daylight saving time. This field available when selecting Recurring mode. Specify the ending time of recurring daylight saving time. This field available when selecting Recurring mode. Specify the starting time of non-recurring daylight saving time. This field available when selecting Non-Recurring mode. Specify the ending time of recurring daylight saving time. This field available when selecting Non-Recurring mode. Specify the starting time of non-recurring daylight saving time. This field available when selecting Non-Recurring mode. Specify the ending time of recurring daylight saving time. This field available when selecting Non-Recurring mode. 27

39 Active Member Inactive Member Active member ports of the LAG. Inactive member ports of the LAG. Click Edit to edit Link Aggregation Group menu. Figure 27 - Port > Link Aggregation > Group > Edit Link Aggregation Group LAG Name Type Member Selected LAG group ID. LAG port description. The type of the LAG Static: The group of ports assigned to a static LAG are always active members. LACP: The group of ports assigned to dynamic LAG are candidate ports. LACP determines which candidate ports are active member ports. Select available port to be LAG group member port. 34

46 IV-4 VLAN A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped togeth-er even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections. IV-4-1 VLAN Use the VLAN pages to configure settings of VLAN. IV Create VLAN This page allows user to add or delete VLAN ID entries and browser all VLAN entries that add statically or dynamic learned by GVRP. Each VLAN entry has a unique name, user can edit VLAN name in edit page. To display Create VLAN page, click VLAN > VLAN > Create VLAN. Figure 35 - VLAN > VLAN > Create VLAN Available VLAN VLAN has not created yet. Select available VLANs from left box then move to right box to add. 41

49 PVID Excluded: Specify the port is excluded in the VLAN. Tagged: Specify the port is tagged member in the VLAN. Untagged: Specify the port is untagged member in the VLAN. Display if it is PVID of interface. IV Membership This page allows user to view membership information for each port and edit membership for specified interface. To display Membership page, click VLAN > VLAN > Membership. Figure 38 - VLAN > VLAN > Membership 44

50 Port Mode Administrative VLAN Operational VLAN Display the interface of port entry. Display the interface VLAN mode of port. Display the administrative VLAN list of this port. Display the operational VLAN list of this port. Operational VLAN means the VLAN status that really runs in device. It may different to administrative VLAN. Click "Edit" button to view the Edit Port Setting menu Figure 39 - VLAN > VLAN > Membership > Edit Port Setting Port Display the interface. Mode Display the VLAN mode of interface. Select VLANs of left box and select one of following membership then move to right box to add membership. Select VLANs of right box then move to left box to remove membership. Tagging membership may not choose in differ VLAN port mode. Select the time source. Membership Forbidden: Set VLAN as forbidden VLAN. Excluded: This option is always disabled. Tagged: Set VLAN as tagged VLAN. Untagged: Set VLAN as untagged VLAN. PVID: Check this checkbox to select the VLAN ID to be the port-based 45

59 Port Group ID VLAN Display port ID that binding with MAC group entry. Display group ID that port binding with. Display VLAN ID that assign to packets which match MAC group. Click Add or Edit button to view the Add/Edit Group Binding menu. Figure 49 - VLAN > MAC VLAN > Add/Edit Group Binding Port Group ID VLAN Select ports in left box then move to right to binding with MAC group. Or select ports in right box then move to left to unbind with MAC group. Only interface has hybrid VLAN mode can be selected and bound with protocol group. Only available on Add dialog. Select a Group ID to associate with port. Only available on Add dialog. Input VLAN ID that will assign to packets which match MAC group. 54

63 State Enable/disable the STP on the switch. Specify the STP operation mode. STP: Enable the Spanning Tree (STP) operation. Operation Mode RSTP: Enable the Rapid Spanning Tree (RSTP) operation. MSTP: Enable the Multiple Spanning Tree (MSTP) operation. Specify the path cost method. Long: Specifies that the default port path costs are within the Path Cost range: 1-200,000,000. Short: Specifies that the default port path costs are within the range: 1-65,535. Specify the BPDU forward method when the STP is disabled. BPDU Handling Filtering: Filter the BPDU when STP is disabled. Flooding: Flood the BPDU when STP is disabled. Specify the bridge priority. The valid range is from 0 to 61440, and the value should be the multiple of It ensures the probability that the Priority switch is selected as the root bridge, and the lower value has the higher priority for the switch to be selected as the root bridge of the topology. Specify the STP hello time in second to broadcast its hello message to Hello Time other bridges by Designated Ports. Its valid range is from 1 to 10 seconds. Specify the time interval in seconds for a switch to wait the Max Age configuration messages, without attempting to redefine its own configuration. Specify the STP forward delay time, which is the amount of time that a Forward Delay port remains in the Listening and Learning states before it enters the Forwarding state. Its valid range is from 4 to 10 seconds. Specify the tx-hold-count used to limit the maximum numbers of TX Hold Count packets transmission per second. The valid range is from 1 to 10. The MSTP instance name. Its maximum length is 32 characters. The Region Name default value is the MAC address of the switch. Revision The MSTP revision number. Its valid rage is from 0 to Specify the number of hops in an MSTP region before the BPDU is Max Hop discarded. The valid range is 1 to 40. Operational Status Bridge Identifier Bridge identifier of the switch. Designated Root Bridge identifier of the designated root bridge. Identifier Root Port Operational root port of the switch. Root Path Cost Operational root path cost. Topology Change Numbers of the topology changes. Count 58

64 Last Topology Change The last time for the topology change. IV-6-2 Port Setting To configure and display the STP port settings, click STP > Port Setting. Figure 54 - Spanning Tree > Port Setting Port Specify the interface ID or the list of interface IDs. State The operational state on the specified port. Path Cost STP path cost on the specified port. Priority STP priority on the specified port. BPDU Filter The states of BPDU filter on the specified port. BPDU Guard The states of BPDU guard on the specified port. Operational Edge The operational edge port status on the specified port. Operational Point-to-Point The operational point-to-point status on the specified port. The current port role on the specified port. The possible values are: Port Role Disabled, Master, Root, Designated, Alternative, and Backup. Port State The current port state on the specified port. The possible values are: Disabled, Discarding, Learning, and Forwarding. Designated Bridge The bridge ID of the designated bridge. 59

66 BPDU Filter BPDU Guard Point-to-Point In the edge mode, the interface would be put into the Forwarding state immediately upon link up. If the edge mode is enabled for the interface and there are BPDUs received on the interface, the loop might be occurred in the short time before the STP state change. The BPDU Filter configuration avoids receiving / transmitting BPDU from the specified ports. Enable: Enable BPDU filter function. Disable: Disable BPDU filter function. The BPDU Guard configuration to drop the received BPDU directly. Enable: Enable BPDU guard function. Disable: Disable BPDU guard function. Specify the Point-to-Point port configuration: Auto: The state is depended on the duplex setting of the port Enable: Force to true state. Disable: Force to false state IV-6-3 MST Instance To configure MST instance setting, click STP > MST Instance. Figure 56 - Spanning Tree > MST Instance 61

67 MSTI Designated port number. Priority The bridge priority on the specified MSTI. Bridge Identifier The bridge identifier on the specified MSTI. Designated Root Bridge The designated root bridge identifier on the specified MSTI. Root Port The designated root port on the specified MSTI. Root Path Cost The designated root path cost on the specified MSTI. Remaining Hop The configuration of remaining hop on the specified MSTI. VLAN The VLAN configuration on the specified MSTI. Click "Edit" button to view Edit MST Instance menu. Figure 57 - Spanning Tree > MST Instance > Edit MST Instance Setting VLAN Priority Select the VLAN list for the specified MSTI. Specify the bridge priority on the specified MSTI. The valid range is from 0 to 61440, and the value must be the multiple of It ensures the probability that the switch is selected as the root bridge, and the lower values has the higher priority for the switch to be selected as the root bridge of the STP topology. 62

68 IV-6-4 MST Port Setting To configure and display MST port setting, click STP > MST Port Setting. Figure 58 - Spanning Tree > MST Port Setting MSTI Port Path Cost Priority Port Role Port State Mode Type Specify the port setting on the specified MSTI. Specify the interface ID or the list of interface IDs. The port path cost on the specified MSTI. The port priority on the specified MSTI. The current port role on the specified port. The possible values are: Disabled, Master, Root, Designated, Alternative, and Backup. The current port state on the specified port. The possible values are: Disabled, Discarding, Learning, and Forwarding. The operational STP mode on the specified port. The possible value for the port type are: Boundary: The port attaching an MST Bridge to a LAN that is not in the same region. 63

77 Port Port Name. In-Use (Bytes) Total number of bytes of LLDP information in each packet. Available (Bytes) Total number of available bytes left for additional LLDP information in each packet. Operational Status Overloading or not. Click "Detail" button to view Packet View Detail menu. 72

78 Figure 66 - Discovery > LLDP > Packet View > Packet View Detail Port Port Name. Mandatory TLVs Total mandatory TLV byte size. Status is sent or overloading. MED Capabilities Total MED Capabilities TLV byte size. Status is sent or overloading. MED Location Total MED Location byte size. Status is sent or overloading. MED Network Policy Total MED Network Policy byte size. Status is sent or overloading. MED Inventory Total MED Inventory byte size. Status is sent or overloading MED Extended Power via Total MED Extended Power via MDI byte size. Status is sent or MDI overloading TLVs Total TLVs byte size. Status is sent or overloading. Optional TLVs Total Optional TLV byte size. Status is sent or overloading TLVs Total TLVs byte size. Status is sent or overloading. Total Total number of bytes of LLDP information in each packet. 73

79 IV Local Information Use the LLDP Local Information to view LLDP local device information. To display LLDP Local Device, click Discovery > LLDP > Local Information. Figure 67 - Discovery > LLDP > Local Information Chassis ID Subtype Type of chassis ID, such as the MAC address. Chassis ID Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the switch is displayed. System Name Name of switch. System of the switch. Capabilities Supported Primary functions of the device, such as Bridge, WLAN AP, or Router. Capabilities Primary enabled functions of the device. 74

81 IV Neighbor Use the LLDP Neighbor page to view LLDP neighbors information. To display LLDP Remote Device, click Discovery > LLDP > Neighbor. Figure 69 - Discovery > LLDP > Neighbor Local Port Chassis ID Subtype Port ID Subtype Port ID System Name Time to Live Number of the local port to which the neighbor is connected. Type of chassis ID (for example, MAC address). Type of the port identifier that is shown. Identifier of port. Published name of the switch. Time interval in seconds after which the information for this neighbor is deleted. 76

84 To display LLDP Statistics status, click Discovery > LLDP > Statistics. Figure 71 - Discovery > LLDP > Statistics Insertions Deletions Drops Age Outs The number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been inserted into tables associated with the remote systems. The number of times the complete set of information advertised by MSAP has been deleted from tables associated with the remote systems. The number of times the complete set of information advertised by MSAP could not be entered into tables associated with the remote systems because of insufficient resources. The number of times the complete set of information advertised by MSAP has been deleted from tables associated with the remote systems because the information timeliness interval has expired. 79

85 Statistics Table Port Interface or port number. Transmit Frame Number of LLDP frames transmitted on the corresponding port. Total Receive Frame Number of LLDP frames received by this LLDP agent on the Total corresponding port, while the LLDP agent is enabled. Receive Frame Number of LLDP frames discarded for any reason by the LLDP agent on Discard the corresponding port. Receive Frame Number of invalid LLDP frames received by the LLDP agent on the Error corresponding port, while the LLDP agent is enabled. Receive TLV Number of TLVs of LLDP frames discarded for any reason by the LLDP Discard agent on the corresponding port. Receive TLV Number of TLVs of LLDP frames that are unrecognied while the LLDP Unrecognized agent is enabled. Neighbor Timeout Number of age out LLDP frames. 80

87 IV Group Address This page allows user to browse all multicast groups that dynamic learned or statically added. To display Multicast General Group web page, click Multicast> General > Group Address. Figure 73 - Multicast > General > Group Address IP Version VLAN Group Address Member Type Life(Sec) IP Version IPv4: ipv4 multicast group IPv6: ipv6 multicast group The VLAN ID of group. The group IP address. The member ports of group. The type of group. Static or Dynamic. The life time of this dynamic group. 82

88 Click Add or Edit button to view Add or Edit Group Address menu. Figure 74 - Multicast > General > Group Address > Add/Edit Group Address VLAN Group Address Member The VLAN ID of group. The group IP address. (Please follow the multicast group address rule) The member ports of group. Available Port: Optional port member Selected Port: Selected port member Move the Ports by clicking the > and < buttons after selecting a port. 83

92 Query Interval Query Max Response Interval Last Member Query count Last Member Query Interval Immediate leave The interval of querier to send general query. In Membership Query Messages, it specifies the maximum allowed time before sending a responding report in units of 1/10 second. The count that Querier-switch sends Group-Specific Queries when it receives a Leave Group message for a group. The interval that Querier-switch sends Group-Specific Queries when it receives a Leave Group message for a group. The immediate leave status of the group will immediate leave when receive IGMP Leave message. 87

97 Group Query Transmit Packet Leave Report General Query Special Group Query Source-specific Group Query IGMP leave packet IGMP join and report packet IGMP general query packet include querier transmit general query packet. IGMP special group query packet include querier transmit special group query packet. IGMP Special Source and Group General Query packet. 92

102 VLAN Group Address Member The VLAN ID of MVR group. The MVR group IP address. The member ports of MVR group. Available Port: Optional port member, it is only receiver port when MVR mode is compatible, it include source port when mode is dynamic. Selected Port: Selected port member 97

105 Figure 88 - Security > RADIUS > Add/Edit RADIUS Server Address Type Server Address Server Port Priority Retry Timeout Usage In add dialog, user need to specify server Address Type Hostname: Use domain name as server address. IPv4: Use IPv4 as server address. IPv6: Use IPv6 as server address. In add dialog, user need to input server address based on address type. In edit dialog, it shows current edit server address. Set RADIUS server port. Set RADIUS server priority (smaller value has higher priority). RADIUS session will try to establish with the server setting which has highest priority. If failed, it will try to connect to the server with next higher priority. Set RADIUS server retry value. If it is fail to connect to server, it will keep trying until timeout with retry times. Set RADIUS server timeout value. If it is fail to connect to server, it will keep trying until timeout. Set RADIUS server usage type Login: For login authentifation x: For 802.1x authentication. All: For all types. 100

110 Figure 92 - Security > Management Access > Add/Edit Management ACE ACL Name Priority Service Action Display the ACL name to which an ACE is being added. Specify the priority of the ACE. ACEs with higher sequence are processed first (1 is the highest priority). Only available on Add Dialog. Select the type service of rule. All: All services. HTTP: Only HTTP service. HTTPs: Only HTTPs service SNMP: Only SNMP service. SSH: Only SSH service. Telnet: Only Telnet service Select the action after ACE match packet. Permit: Forward packets that meet the ACE criteria. 105

111 Port IP Version IPv4 IPv6 Deny: Drop packets that meet the ACE criteria. Select ports which will be matched. Select the type of source IP address. All: All IP addresses can access. IPv4: Specify IPv4 address ca access. IPv6: Specify IPv6 address ca access. Enter the source IPv4 address value and mask to which will be matched. Enter the source IPv6 address value and mask to which will be matched. 106

113 Port Mode Table Port Authentication Type (802.1X) Method Guest VLAN VLAN Assign Mode XXXXXXXXXXXX Xxxxxxxxxxxx XX:XX:XX:XX:XX:XX xx:xx:xx:xx:xx:xx XX-XX-XX-XX-XX-XX xx-xx-xx-xx-xx-xx XX.XX.XX.XX.XX.XX xx.xx.xx.xx.xx.xx XXXX:XXXX:XXXX xxxx:xxxx:xxxx XXXX-XXXX-XXXX XXXX-XXXX-XXXX XXXX.XXXX.XXXX XXXX.XXXX.XXXX XXXXXX:XXXXXX XXXXXX:XXXXXX XXXXXX-XXXXXX XXXXXX-XXXXXX Port Name X authentication type state Enabled: 802.1X is enabled. Disabled: 802.1X is disabled. Support following authentication method order combinations. These orders only available on MAC-Based authentication and WEB-Based authentication x only support Radius method. Local: Use DUT s local database to do authentication Radius: Use remote RADIUS server to do authentication Local Radius Radius Local Port guest VLAN enable state Enabled: Guest VLAN is enabled on port. Disabled: Guest VLAN is disabled on port. Support following VLAN assign mode and only apply when source is RADIUS Disable: Ignore the VLAN authorization result and keep original VLAN of host. Reject: If get VLAN authorized information, just use it. However, if there is no VLAN authorized information, reject the host and make it unauthorized. Static: If get VLAN authorized information, just use it. If there is no VLAN authorized information, keep original VLAN of host. 108

114 Click Edit button to view the Edit Port Mode menu. Figure 94 - Security > Authentication Manager > Property > Edit Port Mode Port Selected port list. Authentication Type Set checkbox to enable/disable authentication types. Select authenticating host mode Multiple Authentication: In this mode, every client need to pass authenticate procedure individually. Multiple Hosts: In this mode, only one client need to be Host Mode authenticated and other clients will get the same access accessibility. Web-auth cannot be enabled in this mode. Single Host: In this mode, only one host is allowed to be authenticated. It is the same as Multi-auth mode with max hosts number configure to be 1. Support following authentication method order combinations. These orders only available on MAC-Based authentication and WEB-Based authentication x only support Radius method. Method Local: Use DUT s local database to do authentication. Radius: Use remote RADIUS server to do authentication. Local Radius. Radius Local. Guest VLAN Set checkbox to enable/disable guest VLAN. 109

115 VLAN Assign Mode Support following VLAN assign mode and only apply when source is RADIUS Disable: Ignore the VLAN authorization result and keep original VLAN of host. Reject: If get VLAN authorized information, just use it. However, if there is no VLAN authorized information, reject the host and make it unauthorized. Static: If get VLAN authorized information, just use it. If there is no VLAN authorized information, keep original VLAN of host. 110

117 period. In Multiple Authentication mode, total host number cannot not Max Hosts exceed max hosts number. Common Timer After re-authenticate period, host will return to initial state and need (Reauthentication) to pass authentication procedure again. If no packet from the authenticated host, the inactive timer will Common Timer increase. After inactive timeout, the host will be unauthorized and (Inactive) corresponding session will be deleted. In multi-host mode, the packet is counting on the authorized host only. Common Timer (Quiet) 802.1X Params (TX Period) 802.1X Params (Supplicant Timeout) 802.1X Params (Server Timeout) 802.1X Params (Max Request) When port is in Locked state after authenticating fail several times, the host will be locked in quiet period. After this quiet period, the host is allowed to authenticate again. Number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame from the supplicant (client) before resending the request. The maximum number of EAP requests that can be sent. If a response is not received after the defined period (supplicant timeout), the authentication process is restarted. Number of seconds that lapses before EAP requests are resent to the supplicant. Number of seconds that lapses before the device resends a request to the authentication server. 112

119 Inactive Quiet 802.1X Params TX Period Supplicant Timeout Server Timeout Max Request to pass authentication procedure again. If no packet from the authenticated host, the inactive timer will increase. After inactive timeout, the host will be unauthorized and corresponding session will be deleted. In multi-host mode, the packet is counting on the authorized host only and not all packets on the port. When port is in Locked state after authenticating fail several times, the host will be locked in quiet period. After this quiet period, the host is allowed to authenticate again. Number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame from the supplicant (client) before resending the request. The maximum number of EAP requests that can be sent. If a response is not received after the defined period (supplicant timeout), the authentication process is restarted. Number of seconds that lapses before EAP requests are resent to the supplicant. Number of seconds that lapses before the device resends a request to the authentication server. IV Sessions This page show all detail information of authentication sessions and allow user to select specific session to delete by clicking Clear button. To display Sessions web page, click Security > Authentication Manger > Sessions. Figure 97 - Security > Authentication Manager > Sessions Session ID Port MAC Address Current Type Status Session ID is unique of each session. Port name which the host located. Host MAC address. Show current authenticating type 802.1x: Use IEEE 802.1X to do authenticating Show host authentication session status IP version (IPv4, IPv6) 114

120 Disable: This session is ready to be deleted Running: Authentication process is running Authorized: Authentication is passed and getting network accessibility. UnAuthorized: Authentication is not passed and not getting network accessibility. Locked: Host is locked and do not allow to do authenticating until quiet period. Guest: Host is in the guest VLAN. Operational (VLAN) Shows host operational VLAN ID. Operational In Authorized state, it shows total time after authorized. (Session Time) Operational (Inactived) Operational (Quiet In Locked state, it shows total time after locked. Time) Authorized (VLAN) Shows VLAN ID given from authorized procedure. Authorized (Reauthentication Period) Authorized (Inactive Timeouts) In Authorized state, it shows how long the host do not send any packet. Shows reauthentication period given from authorized procedure. Shows inactive timeout given from authorized procedure. 115

122 Action Select the action if learned mac addresses Forward: Forward this packet whose SMAC is new to system and exceed the learning-limit number. Discard: Discard this packet whose SMAC is new to system and exceed the learning-limit number. Shutdown: Shutdown this port when receives a packet whose SMAC is new to system and exceed the learning limit number. Click "Edit" button to view Edit Port Security menu. Figure 99 - Security > Port Security > Edd Port Security Port State MAC Address Action Select one or multiple ports to configure. Select the status of port security Disable: Disable port security function. Enable: Enable port security function. Specify the number of how many mac addresses can be learned. Select the action if learned mac addresses Forward: Forward this packet whose SMAC is new to system and exceed the learning-limit number. Discard: Discard this packet whose SMAC is new to system and exceed the learning-limit number. Shutdown: Shutdown this port when receives a packet whose SMAC is new to system and exceed the learning limit number. 117

127 IV-9-7 DoS A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users. DoS attacks saturate the device with external communication requests, so that it cannot respond to legitimate traffic. These attacks usually lead to a device CPU overload. The DoS protection feature is a set of predefined rules that protect the network from malicious attacks. The DoS Security Suite Settings enables activating the security suite. 122

129 destination port. Drops the packages if the TCP source port is equal to the TCP TCP Blat destination port. Drops the packets if the destination MAC address is equal to the DMAC = SMAC source MAC address. Null Scan Attach Drops the packets with NULL scan. X-Mas Drops the packets if the sequence number is zero, and the FIN, URG Scan Attack and PSH bits are set. TCP SYN-FIN Drops the packets with SYN and FIN bits set. Attack TCP SYN-RST Attack Drops the packets with SYN and RST bits set ICMP Fragment Drops the fragmented ICMP packets. TCP SYN Drops SYN packets with sport less than (SPORT<1024) TCP Fragment Drops the TCP fragment packets with offset equals to one. (Offset = 1) Specify the maximum size of the ICMPv4/ICMPv6 ping packets. The Ping Max Size valid range is from 0 to bytes, and the default value is 512 bytes. Checks the minimum size of IPv6 fragments, and drops the packets IPv6 Min Fragment smaller than the minimum size. The valid range is from 0 to bytes, and default value is 1240 bytes. Avoids smurf attack. The length range of the netmask is from 0 to Smurf Attack 323 bytes, and default length is 0 bytes. 124

146 Click Edit button to view the Edit ACE menu. Figure ACL > Edit ACE ACL Name Sequence Action Source MAC Destination MAC Display the ACL name to which an ACE is being added.. Specify the sequence of the ACE. ACEs with higher sequence are processed first (1 is the highest priority). Only available on Add Dialog. Select the action after ACE match packet. Permit: Forward packets that meet the ACE criteria. Deny: Drop packets that meet the ACE criteria. Shutdown: Drop packets that meet the ACE criteria, and disable the port from where the packets were received. Such ports can be reactivated from the Port Settings page. Select the type for source MAC address. Any: All source addresses are acceptable. User Defined: Only a source address or a range of source addresses which users define are acceptable. Enter the source MAC address and mask to which will be matched. Select the type for Destination MAC address. 141

147 Ethertype VLAN 802.1p Any: All destination addresses are acceptable. User Defined: Only a destination address or a range of destination addresses which users define are acceptable. Enter the destination MAC address and mask to which will be matched. Select the type for Ethernet frame type. Any: All Ethernet frame type is acceptable. User Defined: Only an Ethernet frame type which users define is acceptable. Enter the Ethernet frame type value to which will be matched. Select the type for VLAN ID. Any: All VLAN ID is acceptable. User Defined: Only a VLAN ID which users define is acceptable. Enter the VLAN ID to which will be matched. Select the type for 802.1p value. Any: All 802.1p value is acceptable. User Defined: Only an 802.1p value or a range of 802.1p value which users define is acceptable. Enter the 802.1p value and mask to which will be matched. IV-10-3 IPv4 ACL This page allows user to add or delete IPv4 ACL rule. A rule cannot be deleted if under binding. To display IPv4 ACL page, click ACL > IPv4 ACL. Figure ACL > IPv4 ACL 142

148 ACL Name ACL Name Rule Port Input IPv4 ACL name. Display IPv4 ACL name. Display the number ACE rule of ACL. Display the port list that bind this ACL. IV-10-4 IPv4 ACE This page allows user to add, edit or delete ACE rule. An ACE rule cannot be edited or deleted if ACL under binding. New ACE cannot be added if ACL under binding. To display IPv4 ACE page, click ACL > IPv4 ACE. Figure ACL > IPv4 ACE ACL Name Sequence Action Protocol Source IP Destination IP Source Port Destination Port TCP Flags Type of Service ICMP Select the ACL name to which an ACE is being added. Display the sequence of ACE. Display the action of ACE. Display the protocol value of ACE. Display the source IP address and mask of ACE. Display the destination IP address and mask of ACE. Display single source port or a range of source ports of ACE. Only available when protocol is TCP or UDP. Display single destination port or a range of destination ports of ACE. Only available when protocol is TCP or UDP. Display the TCP flag value if ACE. Only available when protocol is TCP. Display the ToS value of ACE which could be DSCP or IP Precedence. Display the ICMP type and code of ACE. Only available when protocol is ICMP. 143

150 ACL Name Sequence Action Protocol Source IP Destination IP Source Port Destination Port Display the ACL name to which an ACE is being added. Specify the sequence of the ACE. ACEs with higher sequence are processed first (1 is the highest sequence). Only available on Add dialog. Select the action for a match. Permit: Forward packets that meet the ACE criteria. Deny: Drop packets that meet the ACE criteria. Shutdown: Drop packets that meet the ACE criteria, and disable the port from where the packets were received. Such ports can be reactivated from the Port Settings page. Select the type of protocol for a match. Any (IP): All IP protocols are acceptable. Select from list: Select one of the following protocols from the drop-down list. ICMP/IPinIP/TCP/EGP/IGP/UDP/HMP/RDP/IPV6/IPV6:ROUT/IPV6:F RAG/ RSVP/IPV6:ICMP/OSPF/PIM/L2TP Protocol ID to match: Enter the protocol ID. Select the type for source IP address. Any: All source addresses are acceptable. User Defined: Only a source address or a range of source addresses which users define are acceptable. Enter the source IP address value and mask to which will be matched. Select the type for destination IP address. Any: All destination addresses are acceptable. User Defined: Only a destination address or a range of destination addresses which users define are acceptable. Enter the destination IP address value and mask to which will be matched. Select the type of protocol for a match. Only available when protocol is TCP or UDP. Any: All source ports are acceptable. Single: Enter a single TCP/UDP source port to which packets are matched. Range: Select a range of TCP/UDP source ports to which the packet is matched. There are eight different port ranges that can be configured (shared between source and destination ports). TCP and UDP protocols each have eight port ranges. Select the type of protocol for a match. Only available when protocol is TCP or UDP. Any: All source ports are acceptable. Single: Enter a single TCP/UDP source port to which packets are matched. Range: Select a range of TCP/UDP source ports to which the packet is matched. There are eight different port ranges that can be 145

151 TCP Flags Type of Service ICMP Type ICMP Code configured (shared between source and destination ports). TCP and UDP protocols each have eight port ranges. Select one or more TCP flags with which to filter packets. Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. Only available when protocol is TCP. Select the type of service for a match. Any: All types of service are acceptable. DSCP to match: Enter a Differentiated Serves Code Point (DSCP) to match. IP Precedence to match: Enter a IP Precedence to match. Either select the message type by name or enter the message type number. Only available when protocol is ICMP. Any: All message types are acceptable. Select from list: Select message type by name. Protocol ID to match: Enter the number of message type. Any: All codes are acceptable. User Defined: Enter an ICMP code to match. 146

154 IV-11 QoS Use the QoS pages to configure settings for the switch QoS interface. IV-11-1 General Use the QoS general pages to configure settings for general purpose. 149

155 IV Property To display Property web page, click QoS > General > Property. Figure QoS > General > Property State Trust Set checkbox to enable/disable QoS. Select QoS trust mode CoS: Traffic is mapped to queues based on the CoS field in the VLAN tag, or based on the per-port default CoS value (if there is no VLAN tag on the incoming packet), the actual mapping of the CoS to queue can be configured on port setting dialog. IP Precedence: Traffic is mapped to queues based on the IP precedence. The actual mapping of the IP precedence to queue can be configured on the IP Precedence mapping page. 150

157 IV Queue Scheduling The switch supports eight queues for each interface. Queue number 8 is the highest priority queue. Queue number 1 is the lowest priority queue. There are two ways of determining how traffic in queues is handled, Strict Priority (SP) and Weighted Round Robin (WRR). Strict Priority (SP) Egress traffic from the highest priority queue is transmitted first. Traffic from the lower queues is processed only after the highest queue has been transmitted, which provide the highest level of priority of traffic to the highest numbered queue. Weighted Round Robin (WRR) In WRR mode the number of packets sent from the queue is proportional to the weight of the queue (the higher the weight, the more frames are sent). The queuing modes can be selected on the Queue page.when the queuing mode is by Strict Priority, the priority sets the order in which queues are serviced, starting with queue_8 (the highest priority queue) and going to the next lower queue when each queue is completed. When the queuing mode is Weighted Round Robin, queues are serviced until their quota has been used up and then another queue is serviced. It is also possible to assign some of the lower queues to WRR, while keeping some of the higher queues in Strict Priority. In this case traffic for the SP queues is always sent before traffic from the WRR queues. After the SP queues have been emptied, traffic from the WRR queues is forwarded. (The relative portion from each WRR queue depends on its weight). To display Queue Scheduling web page, click QoS > General > Queue Scheduling Figure QoS > General > Queue Scheduling 152

158 Queue Strict Priority WRR Weight WRR Bandwidth Queue ID to configure. Set queue to strict priority type. Set queue to Weight round robin type. If the queue type is WRR, set the queue weight for the queue. Percentage of WRR queue bandwidth. IV CoS Mapping The CoS to Queue table determines the egress queues of the incoming packets based on the 802.1p priority in their VLAN tags. For incoming untagged packets, the 802.1p priority will be the default CoS/802.1p priority assigned to the ingress ports. Use the Queues to CoS table to remark the CoS/802.1p priority for egress traffic from each queue. To display CoS Mapping web page, click QoS > General > CoS Mapping. Figure QoS > General > Cos Mapping 153

161 IV-11-2 Rate Limit Use the Rate Limit pages to define values that determine how much traffic the switch can receive and send on specific port or queue. IV Ingress/Egress Port This page allows user to configure ingress port rate limit and egress port rate limit. The ingress rate limit is the number of bits per second that can be received from the ingress interface. Excess bandwidth above this limit is discarded. To display Ingress / Egress Port web page, click QoS > Rate Limit > Ingress / Egress Port. 156

164 IV-12 Diagnostics Use the Diagnostics pages to configure settings for the switch diagnostics feature or operating diagnostic utilities. IV-12-1 IV Logging Property To enable/disable the logging service, click Diagnostic > Logging > Property. Figure Diagnostics > Logging > Property Enable/Disable the global logging services. When the logging service is enabled, logging configuration of each destination rule can be State individually configured. If the logging service is disabled, no messages will be sent to these destinations. Console Logging State Enable/Disable the console logging service Minimum Severity The minimum severity for the console logging. RAM Logging State Enable/Disable the RAM logging service. Minimum Severity The minimum severity for the RAM logging. Flash Logging 159

165 State Enable/Disable the flash logging service. Minimum Severity The minimum severity for the flash loggin. IV Remote Server To configure the remote logging server, click Diagnostic > Logging > Remote Server. Figure Diagnostics > Logging > Remote Server Server Address Server Ports Facility Minimum Severity The IP address of the remote logging server. The port number of the remote logging server. The facility of the logging messages. It can be one of the following values: local0, local1, local2, local3, local4, local5, local6, and local7. Emergence: System is not usable. Alert: Immediate action is needed. Critical: System is in the critical condition. Error: System is in error condition Warning: System warning has occurred Notice: System is functioning properly, but a system notice has occurred. Informational: Device information. Debug: Provides detailed information about an event. 160

170 IV-12-5 Copper Test For copper length diagnostic, click Diagnostic > Copper Test. Figure Diagnostics > Logging>Copper Test Port Copper Test Result Port Result Length Specify the interface for the copper test. The interface for the copper test. The status of copper test. It include: OK: Correctly terminated pair. Short Cable: Shorted pair. Open Cable: Open pair, no link partner. Impedance Mismatch: Terminating impedance is not in the reference range. Distance in meter from the port to the location on the cable where the fault was discovered. 165

188 Security Level View Read Write Notify Specify SNMP security level No Security: Specify that no packet authentication is performed. Authentication: Specify that no packet authentication without encryption is performed. Authentication and Privacy: Specify that no packet authentication with encryption is performed. Group read view name. Group write view name. The view name that sends only traps with contents that is included in SNMP view selected for notification. 183

189 Click "Add" or Edit button to view the Add/Edit Group menu. Figure Management > SNMP > Group > Add/Edit Group Group Version Specify SNMP group name, and the maximum length is 30 characters. Spedify SNMP version SNMPv1: SNMP Version

190 Security Level View Read Write Notify SNMPv2: Community-based SNMP Version 2. SNMPv3: User security model SNMP version 3. Specify SNMP security level No Security : Specify that no packet authentication is performed. Authentication: Specify that no packet authentication without encryption is performed. Authentication and Privacy: Specify that no packet authentication with encryption is performed. Select read view name if Read is checked. Select write view name, if Write is checked. Select notify view name, if Notify is checked. IV Community To configure and display the SNMP community settings, click Management > SNMP > Community. Figure Management > SNMP > Community Community Group View Access The SNMP community name. Its maximum length is 20 characters. Specify the SNMP group configured by the command snmp group to define the object available to the community. Specify the SNMP view to define the object available to the community. SNMP access mode Read-Only: Read only. Read-Write: Read and write. 185

191 Click "Add" or Edit button to view the Add/Edit Community menu. Figure Management > SNMP > Group > Add/Edit Community Community Type View Access Group The SNMP community name. Its maximum length is 20 characters. SNMP Community mode Basic: SNMP community specifies view and access right. Advanced: SNMP community specifies group. Specify the SNMP view to define the object available to the community. SNMP access mode Read-Only: Read only. Read-Write: Read and write. Specify the SNMP group configured by the command snmp group to define the object available to the community. 186

192 IV User To configure and display the SNMP users, click Management > SNMP > User. Figure Management > SNMP > User User Group Security Level Authentication Method Privacy Method Specify the SNMP user name on the host that connects to the SNMP agent. The max character is 30 characters. For the SNMP v1 or v2c, the user name must match the community name. Specify the SNMP group to which the SNMP user belongs. SNMP privilege mode No Security: Specify that no packet authentication is performed. Authentication: Specify that no packet authentication without encryption is performed. Authentication and Privacy: Specify that no packet authentication with encryption is performed. Authentication Protocol which is available when Privilege Mode is Authentication or Authentication and Privacy. None: No authentication required. MD5: Specify the HMAC-MD5-96 authentication protocol. SHA: Specify the HMAC-SHA-96 authentication protocol Encryption Protocol None: No privacy required. DES: DES algorithm 187

194 User Group Security Level Authentication Method Password Privacy Method Password Specify the SNMP user name on the host that connects to the SNMP agent. The max character is 30 characters. Specify the SNMP group to which the SNMP user belongs. SNMP privilege mode No Security: Specify that no packet authentication is performed. Authentication: Specify that no packet authentication without encryption is performed. Authentication and Privacy: Specify that no packet authentication with encryption is performed. Authentication Protocol which is available when Privilege Mode is Authentication or Authentication and Privacy. None: No authentication required. MD5: Specify the HMAC-MD5-96 authentication protocol. SHA: Specify the HMAC-SHA-96 authentication protocol. The authentication password, The number of character range is 8 to 32 characters. Encryption Protocol None: No privacy required. DES: DES algorithm The privacy password, The number of character range is 8 to 64 characters. 189

195 IV Engine ID To configure and display SNMP local and remote engine ID, click Management > SNMP > Engine ID. Local Engine ID Engine ID Remote Engine ID Table Table Server Address Engine ID Figure Management > SNMP > Engine ID If checked User Defined, the local engine ID is configure by user, else use the default Engine ID which is made up of MAC and Enterprise ID. The user defined engine ID is range 10 to 64 hexadecimal characters, and the hexadecimal number must be divided by 2. Remote host. Specify Remote SNMP engine ID. The engine ID is range10 to 64 hexadecimal characters, and the hexadecimal number must be divided by

199 Address Type Notify recipients host address type. Server Address IP address or the hostname of the SNMP trap recipients. Specify SNMP notification version SNMPv1: SNMP Version 1 notification. Version SNMPv2: SNMP Version 2 notification. SNMPv3: SNMP Version 3 notification. Notification Type Type Trap: Send SNMP traps to the host. Inform: Send SNMP informs to the host.(version 1 have no inform) SNMP community/user name for notification. If version is SNMPv3 the Community/User name is user name, else is community name. SNMP notification packet security level, the security level must less than or equal to the community/user name No Security: Specify that no packet authentication is performed. Security Level Authentication: Specify that no packet authentication without encryption is performed. Authentication and Privacy: Specify that no packet authentication with encryption is performed. Recipient server UDP port number, if use default checked the value is Server Port 162, else user configure. Specify the SNMP informs timeout, if use default checked the value is Timeout 15, else user configure. Specify the SNMP informs retry count, if use default checked the Retry value is 3, else user configure. 194

200 Click "Edit" button to view the Edit Notification menu. Figure Management > SNMP > Notification > Edit Notification Server Address Edit SNMP notify recipients address Specify SNMP notification version SNMPv1: SNMP Version 1 notification. Version SNMPv2: SNMP Version 2 notification. SNMPv3: SNMP Version 3 notification. Notification Type Type Trap: Send SNMP traps to the host. Inform: Send SNMP informs to the host.(version 1 have no inform) SNMP community/user name for notification. If version is SNMPv3 the Community/User name is user name, else is community name. SNMP notification packet security level, the security level must less than or equal to the community/user name No Security: Specify that no packet authentication is performed. Community Level Authentication: Specify that no packet authentication without encryption is performed. Authentication and Privacy: Specify that no packet authentication with encryption is performed. Server Port Recipients server UDP port number, if use default checked the value 195

202 COPYRIGHT Copyright Edimax Technology Co., Ltd. all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission from Edimax Technology Co., Ltd. Edimax Technology Co., Ltd. makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability, or fitness for any particular purpose. Any software described in this manual is sold or licensed as is. Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Edimax Technology Co., Ltd. reserves the right to revise this publication and to make changes from time to time in the contents hereof without the obligation to notify any person of such revision or changes. The product you have purchased and the setup screen may appear slightly different from those shown in this QIG. The software and specifications are subject to change without notice. Please visit our website for updates. All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their respective holders. 197

203 Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1. Reorient or relocate the receiving antenna. 2. Increase the separation between the equipment and receiver. 3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 4. Consult the dealer or an experienced radio technician for help. FCC Caution This device and its antenna must not be co-located or operating in conjunction with any other antenna or transmitter. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Any changes or modifications not expressly approved by the party responsible for compliance could void the authority to operate equipment. Federal Communications Commission (FCC) Radiation Exposure Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 2.5cm (1 inch) during normal operation. Federal Communications Commission (FCC) RF Exposure Requirements This EUT is compliance with SAR for general population/uncontrolled exposure limits in ANSI/IEEE C and had been tested in accordance with the measurement methods and procedures specified in OET Bulletin 65 Supplement C. The equipment version marketed in US is restricted to usage of the channels 1-11 only. This equipment is restricted to indoor use when operated in the 5.15 to 5.25 GHz frequency range. R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 2014/30/EU OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of March 9, 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE). The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) As of April 8, Safety This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment. EU Countries Intended for Use The ETSI version of this device is intended for home and office use in Austria, Belgium, Bulgaria, Cyprus, Czech, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Turkey, and United Kingdom. The ETSI version of this device is also authorized for use in EFTA member states: Iceland, Liechtenstein, Norway, and Switzerland. EU Countries Not Intended for Use None 198

LevelOne GES-1650 16 GE + 4GE SFP Web Smart Switch User Manual Version 1.0-1109 1 FCC Certifications This Equipment has been tested and found to comply with the limits for a Class A digital device, pursuant

16-Port Gigabit Ethernet Web Managed Switch LCS-GS8416 User Manual 1 FCC Certifications This Equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part

4 Cnfiguration The features and functions of the D-Link Web Smart Switch can be configured for optimum use through the Web-based Management Utility. Smart Wizard Configuration After a successful login,

Chapter 1 Product Introduction Congratulations for purchasing of the Gigabit Ethernet Switch. Before you install and use this product, please read this manual carefully for full exploiting the functions

LevelOne GES-0852 8 GE with 1 Combo SFP Web Smart Switch User Manual Version 1.0-1109 1 FCC Certifications This Equipment has been tested and found to comply with the limits for a Class A digital device,

4 Configuration The features and functions of the D-Link Smart Managed Switch can be configured through the web-based management interface. Web-based Management After a successful login you will see the

Product Overview. ATS-4500 v2 is a full GE L2 Web Smart switch with cost effective and wire-speed switching capacity, which can be good choice for GE to desk solution and GE access demoand. 24 GE access

Chapter 4 Configuring Switching Using the Switching Tab The navigation tabs on the top of the home page include a Switching tab that lets you manage your GS108T Gigabit Smart Switch using features under

LevelOne GES-2451 24 GE with 4 Shared SFP Web Smart Switch User Manual REV1.0.0 1910020632 FCC STATEMENT This equipment has been tested and found to comply with the limits for a Class A digital device,

DES-2108 8-port 10/100 Fast Ethernet Switch User s Guide FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.

SD24GS 24-Port Web Smart Gigabit Ethernet Switch User s Manual FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC